Skip to content

Commit 564e080

Browse files
adriaanmadriaanm
committed
Use 1024 DH for Java 6 compat
1 parent 634012e commit 564e080

File tree

2 files changed

+6
-7
lines changed

2 files changed

+6
-7
lines changed

README.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -598,9 +598,11 @@ Incorporate the cert into an ssl chain for nginx:
598598

599599
For [forward secrecy](http://axiacore.com/blog/enable-perfect-forward-secrecy-nginx/):
600600
```
601-
openssl dhparam -out files/default/dhparam.pem 2048
601+
openssl dhparam -out files/default/dhparam.pem 1024
602602
```
603603

604+
Using 1024 bits (instead of 2048) for DH to be Java 6 compatible... Bye-bye A+ on https://www.ssllabs.com/ssltest/analyze.html?d=scala-ci.typesafe.com
605+
604606
Confirm values in the csr using:
605607

606608
```

files/default/dhparam.pem

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,5 @@
11
-----BEGIN DH PARAMETERS-----
2-
MIIBCAKCAQEA5NLmgxgKBqd59SNecEKUQOnXww8tPWpPOOtwQw3e8ZNhINxlSxsO
3-
oseA9lotBnlU3tKojSwHKGgp/3cm8NMJ8lwmXCZe2mIZqHOPJRmN5GayNhxpLmcM
4-
POKEathuHN9j0Fd3bqU3yt2GqDZ90jVp+6rCCXDK2IpoRvVlEc8D+NQMgRQVxiL8
5-
PnKZEK2vn+KS5h/qX4+z9BNVSSdm1aA8q0yCr6dBYYQAMUe2AFicdV0X/ETLVULZ
6-
BUJaQkjKn4yQfjC1p1j8vUqaCaEydDVkqAesr1K6yiCYpsMnfZf+UsXMEX7BwA4q
7-
1D1CI88v5GwcfsSeZNR0z45ksSz7USFnmwIBAg==
2+
MIGHAoGBAIT9Rv1jZ+PJl8R4iAEFbcfa8xCANtpJIi3yQzTlPeDh09LdCi1nAzZq
3+
JYXDsYXubmlx3h2RBJax7x8ibXUgk8YOAuBKDgt7KWfgMHtTMXSTCMfzIISqV4K4
4+
yt8CdMKRNZWR0b43BsXzCl2e5fBCgn3gJW4LW410LrPw+NLjDyILAgEC
85
-----END DH PARAMETERS-----

0 commit comments

Comments
 (0)